Amendments to the Claims

This listing of the claims will replace all prior versions, and listings, of claims in the
application. All amendments are made without prejudice.

1. (Currently amended) In a key exchange method for mutual authentication at a subscriber
station accessed to an authentication server through a wired/wireless communication, a two- 
factor authenticated key exchange method comprising: 

(a) the subscriber station generating a random number and precomputing a first 
predetermined value when the subscriber station does not exchange a key for authentication with 
the authentication server; 

(b) the subscriber station transmitting a key to the authentication server, the key being
generated using an identifier of the subscriber station and a public key of the authentication 
server; 

(c) the subscriber station receiving a random number generated by the authentication
server;

(d) encrypting the first predetermined value using the received random number, a
password predefined in the subscriber station, and a key stored in a token, and transmitting the 
encrypted first predetermined value and a generated authenticator of the subscriber to the 
authentication server; 

(e) the subscriber station receiving the authentication server's authenticator from the
authentication server which authenticates the generated authenticator of the subscriber using the 
encrypted first predetermined value and generates the authentication server's authenticator when 
the authentication is successful; and 

(f) the subscriber station using a secret key and the password, authenticating the
received authenticator of the authentication server, and accepting the authenticator of the 
authentication server when the authentication is successful, 

wherein the authentication server's authenticator is generated by the authentication 
server using the encrypted first predetermined value transmitted from the subscriber station, and 

wherein the subscriber station authenticates the authentication server's authenticator 
using the first predetermined value.

2. (Original) The two-factor authenticated key exchange method of claim 1, wherein the key
stored in the token is a symmetric key. 

3. (Currently amended) The two-factor authenticated key exchange method of claim 2, further 
comprising: before (a), 

the subscriber station determining the symmetric key and the password used for a 
symmetric key algorithm and sharing the symmetric key and the password with the 
authentication server during a registration process. 

4. (Previously presented) The two-factor authenticated key exchange method of claim 1, wherein 
the subscriber station stores the password and the public key of the authentication server in the 
token. 

5. (Currently amended) The two-factor authenticated key exchange method of claim 1, wherein 
the generated key is generated by applying a one-way Hash function to an identifier of the 
subscriber station and the public key of the authentication server in (b).

6. (Currently amended) The two-factor authenticated key exchange method of claim 1, wherein 
(d) comprises:

applying a Hash function to the received random number, the password, and the key 
stored in the token, and generating a second predetermined value; 

using the second predetermined value and encrypting the first predetermined value; 

using the random number and the first predetermined value, and generating the 
subscriber's session key; 

applying the Hash function to the generated session key, the password, the key stored in 
the token, and the identifier of the subscriber station, and generating the subscriber's 
authenticator; and 

transmitting the encrypted first predetermined value and the subscriber's authenticator to 
the authentication server. 



U. S. Appln. No. 10/562,605 



7. (Currently amended) The two-factor authenticated key exchange method of claim 6, wherein 
(f) comprises:

applying the Hash function to the subscriber's session key, the password, the key stored 
in the token, and the public key of the authentication server, and generating a third 
predetermined value; 

determining whether the generated third predetermined value corresponds to the 
authenticator of the authentication server received from the authentication server; and 

determining that the authentication between the subscriber station and the authentication 
server is successful and receiving the authenticator of the authentication server when the 
generated third predetermined value is found to correspond to the authenticator of the 
authentication server. 

8. (Currently amended) In a method for an authentication server accessed to a subscriber station 
for wired/wireless communication to exchange a key for mutual authentication, a two-factor 
authenticated key exchange method comprising: 

(a) the authentication server receiving a key which is generated by the subscriber station 
by using an identifier and a public key of the authentication server; 

(b) the authentication server using a value received from the subscriber station, detecting 
the subscriber's password, the key stored in a token, and a public key of the authentication server, 
generating a random number, and transmitting the random number to the subscriber station; 

(c) the authentication server receiving an encrypted value generated by the subscriber 
station and the subscriber's authenticator based on the transmitted random number; 

(d) the authentication server establishing a first predetermined value generated by using 
the password, the key stored in the token, and the random number to be a secret key, decrypting 
the encrypted value received in (c) to generate a second predetermined value, authenticating the 
received authenticator of the subscriber based on the second predetermined value, and receiving 
the subscriber's authenticator when the authentication is successful; and 

(e) the authentication server using the password, the key stored in the token, and the 
public key, and transmitting an authenticator of the authentication server to the subscriber 
station,

wherein the authenticator of the authentication server is authenticated by the subscriber
station using a value which the subscriber station encrypts and generates as the encrypted value 
received from the subscriber station, and 

the encrypted value received from the subscriber station and the subscriber's 
authenticator are generated using a value that is precomputed by the subscriber station when the 
subscriber station does not exchange a key for authentication with the authentication server.

9. (Original) The two-factor authenticated key exchange method of claim 8, wherein the key 
stored in the token is a symmetric key. 

10. (Original) The two-factor authenticated key exchange method of claim 9, further comprising: 
before (a), the authentication server determining the symmetric key and the password used for a 
symmetric key cryptosystem and sharing the symmetric key and the password with the 
subscriber station during a registration process. 

11. (Previously presented) The two-factor authenticated key exchange method of claim 8, 
wherein the authentication server stores the key stored in the token, the password, and the secret 
key of the authentication server in a security file database. 

12. (Previously presented) The two-factor authenticated key exchange method of claim 8, 
wherein (d) comprises: 

applying a Hash function to the password, the key stored in the token, and the random 
number, and generating the first predetermined value; 

establishing the generated first predetermined value to be a secret key, decrypting the 
received encrypted value, and generating the second predetermined value; 

using the generated second predetermined value, the public key of the authentication 
server, and the random number, and generating a session key of the authentication server; 

determining whether the value obtained by applying the Hash function to the generated 
session key, the password, the key stored in the token, and an identifier of the subscriber station 
corresponds to the received authenticator of the subscriber; and

determining that the authentication for the subscriber is found to be successful and
receiving the authenticator of the subscriber when the value corresponds to the received 
authenticator of the subscriber. 

13. (Original) The two-factor authenticated key exchange method of claim 12, wherein the 
session key of the authentication server is used to generate the authenticator of the authentication 
server in (e). 

14. (Previously presented) The two-factor authenticated key exchange method of claim 1, 
wherein the subscriber station transmits a user name, a hashed value of the public key of the 
authentication server, and a domain name to the authentication server when the identifier of the 
subscriber station uses the NAI (network access ID) format in order to support global roaming 
and billing in (a). 

15. (Currently amended) In a mutual authentication method through a two-factor authenticated 
key exchange between a subscriber station and an authentication server in a wireless 
communication system in which the subscriber station and the authentication server are accessed 
through an access point, an authentication method through a two-factor authenticated key 
exchange comprising: 

(a) the subscriber station generating a random number and precomputing a first 
predetermined value when the subscriber station does not exchange a key for authentication with 
the authentication server; 

(b) the subscriber station receiving an identifier request from the access point;

(c) the subscriber station transmitting a key which is generated by using an identifier
of the subscriber station and a public key of the authentication server to the authentication server 
through the access point; 

(d) the authentication server using the key received from the subscriber station,
detecting the subscriber's password, the secret key, and the public key of the authentication 
server, generating a random number, and transmitting the random number to the subscriber 
station through the access point;

(e) the subscriber station using the received random number, the password, and the key
stored in the token, encrypting the first predetermined value, and transmitting an encrypted first 
predetermined value and the generated authenticator of the subscriber to the authentication server 
through the access point; 

(f) the authentication server establishing a second predetermined value generated by
using the password, the key stored in the token, and the random number to be a secret key, 
decrypting the encrypted value received in (d), authenticating the received authenticator of the 
subscriber based on the decrypted value, and when the authentication is found successful, 
transmitting an authenticator of the authentication server generated by using the password, the 
key stored in the token, and the public key to the subscriber station through the access point; 

(g) the subscriber station using the key stored in the token and the password,
authenticating the received authenticator of the authentication server, and transmitting an 
authentication result to the authentication server through the access point; and 

(h) the authentication server transmitting an access permission for the subscriber to the
subscriber station through the access point when the authentication result transmitted from the 
subscriber station is found successful, 

wherein the authentication server's authenticator is generated by the authentication 
server using the encrypted first predetermined value transmitted from the subscriber station. 

16. (Original) The authentication method of claim 15, wherein the key stored in the token is a 
symmetric key. 

17. (Previously presented) The authentication method of claim 15, wherein an extensible 
authentication protocol is used between the subscriber station and the access point, and 

a RADIUS protocol is used between the access point and the authentication server. 

18. (Currently amended) In a method for exchanging keys for mutual authentication at a 
subscriber station accessed to an authentication server through a wired/wireless communication, 
a recording medium storing a program comprising: 



(a) the subscriber station generating a random number and precomputing a first 
predetermined value when the subscriber station does not exchange a key for authentication with 
the authentication server; 

(b) the subscriber station transmitting a key generated by using an identifier of the
subscriber station and a public key of the authentication server to the authentication server; 

(c) the subscriber station receiving a random number generated by the authentication
server;

(d) the subscriber station using the received random number, a password predefined at
the subscriber station, and the key stored in a token, encrypting the first predetermined value, and 
transmitting an encrypted first predetermined value and the generated authenticator of the 
subscriber to the authentication server; 

(e) the subscriber station receiving the authentication server's authenticator from the
authentication server which authenticates the generated authenticator of the subscriber using the 
encrypted first predetermined value and generates the authentication server's authenticator when 
the authentication is successful; and 

(f) the subscriber station using the key stored in the token and the password,
authenticating the received authenticator of the authentication server, and accepting the 
authenticator of the authentication server when the authentication is successful, 

wherein the authentication server's authenticator is generated by the authentication 
server using the encrypted first predetermined value transmitted from the subscriber station, and 

wherein the subscriber station authenticates the authentication server's authenticator 
using the first predetermined value. 

19. (Original) The recording medium of claim 18, wherein the key stored in the token is a 
symmetric key. 

20. (Currently amended) In a method for exchanging keys for mutual authentication at an 
authentication server accessed to a subscriber station through a wired/wireless communication, a 
recording medium storing a program comprising: 

(a) the authentication server receiving a value which is generated by using an identifier 
and a public key of the authentication server by the subscriber station;

(b) the authentication server using the value received from the subscriber station,
detecting the user's password, a key stored in a token, and a public key of the authentication 
server, generating a random number, and transmitting the random number to the subscriber 
station; 

(c) the authentication server receiving an encrypted value generated by the subscriber 
station and an authenticator of the subscriber based on the transmitted random number; 

(d) the authentication server establishing a first predetermined value which is generated 
by using the password, the key stored in the token, and the random number to be a secret key, 
decrypting an encrypted value received in (c) to generate a second predetermined value, 
authenticating the received authenticator of the subscriber based on the generated second 
predetermined value, and receiving the authenticator of the subscriber when the authentication is 
found successful; and 

(e) the authentication server transmitting the authenticator of the authentication server 
generated by using the password, the key stored in the token, and the public key to the subscriber 
station, 

wherein the authenticator of the authentication server is authenticated by the subscriber 
station using a value which the subscriber station encrypts and generates as the encrypted value 
received from the subscriber station, and 

the encrypted value received from the subscriber station and the subscriber's 
authenticator are generated using a value that is precomputed by the subscriber station when the 
subscriber station does not exchange a key for authentication with the authentication server.

21. (Original) The recording medium of claim 20, wherein the key stored in the token is a
symmetric key. 
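
Added illustration, not part of the application or its claims: a Python sketch of the message flow recited in claims 6, 7, 12 and 13, run with both roles in one process. The Diffie-Hellman form of the first predetermined value, the session key derivation, SHA-256 as the Hash function, the XOR stand-in cipher, the toy group and all names and sample values are assumptions made for the example.

```python
import hashlib, hmac, secrets

# Constructed toy group (assumption): 2**127 - 1 is prime but far too small for real use.
P, G = 2**127 - 1, 3

def H(*parts) -> bytes:
    """The claims' Hash function, assumed here to be SHA-256 over length-prefixed inputs."""
    h = hashlib.sha256()
    for part in parts:
        b = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return h.digest()

def cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (assumption): XOR with the hash-derived key; self-inverse."""
    return bytes(a ^ b for a, b in zip(data, key))

def register(sub_id, pw, tk, server_pub):
    """Registration (claims 3 and 10): server record indexed by H(identifier, public key)."""
    return {H(sub_id, server_pub): (sub_id, pw, tk)}

def exchange(sub_id, pw, tk, server_pub, server_priv, db):
    """Run both roles; returns (server accepts subscriber, subscriber accepts server)."""
    x = secrets.randbelow(P - 2) + 1              # (a) precomputed offline; g^x form assumed
    first = pow(G, x, P)
    s_id, s_pw, s_tk = db[H(sub_id, server_pub)]  # (b) lookup value sent, record detected
    r = secrets.token_bytes(16)                   # (c) server's random number
    f = H(r, pw, tk)                              # (d) claim 6: second predetermined value
    enc = cipher(f, first.to_bytes(16, "big"))
    sk_sub = H(pow(server_pub, x, P), first, r)   # session key; DH-based derivation assumed
    auth_sub = H(sk_sub, pw, tk, sub_id)
    # Claim 12, server side: rebuild the key, decrypt, derive session key, check authenticator.
    second = int.from_bytes(cipher(H(r, s_pw, s_tk), enc), "big")
    sk_srv = H(pow(second, server_priv, P), second, r)
    server_ok = hmac.compare_digest(auth_sub, H(sk_srv, s_pw, s_tk, s_id))
    if not server_ok:
        return False, False                       # no server authenticator is generated
    auth_srv = H(sk_srv, s_pw, s_tk, server_pub)  # claim 13: uses the server's session key
    # Claim 7, subscriber side: recompute the third predetermined value and compare.
    return server_ok, hmac.compare_digest(auth_srv, H(sk_sub, pw, tk, server_pub))

# Constructed sample values.
SERVER_PRIV = secrets.randbelow(P - 2) + 1
SERVER_PUB = pow(G, SERVER_PRIV, P)
TOKEN_KEY = secrets.token_bytes(16)
DB = register("alice@example.org", "correct horse", TOKEN_KEY, SERVER_PUB)
```

With the registered password and token key both authenticators verify; changing either factor alters the key that encrypts the first predetermined value, so the server derives a different session key and rejects the subscriber's authenticator.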



